Absolutely, we need to reinforce this statement in the security consideration. This will be done in the next version. Thanks for the clarification!

BR,
Daniel

On Mon, Oct 10, 2016 at 3:05 AM, Valery Smyslov <[email protected]> wrote:

> Hi Daniel,
>
> I think you should add text in the Security Considerations that these
> transforms MUST NOT be used in situations where there is a chance that
> Sequence Numbers repeat. The most prominent example where it can happen -
> multicast ESP SA with multiple senders.
>
> Regards,
> Valery.
>
>> Hi,
>>
>> Based on the feedback and the discussions from the previous IETF, see
>> the updated version of our draft. We believe the document is in good shape
>> to become a WG document.
>>
>> Feel free to support the draft and as usual, comments are welcome!
>>
>> BR,
>> Daniel
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]]
>> Sent: Saturday, October 08, 2016 7:15 PM
>> To: Tobias Guggemos <[email protected]>; Yoav Nir <[email protected]>; Daniel Migault <[email protected]>
>> Subject: New Version Notification for draft-mglt-ipsecme-implicit-iv-01.txt
>>
>> A new version of I-D, draft-mglt-ipsecme-implicit-iv-01.txt
>> has been successfully submitted by Daniel Migault and posted to the IETF
>> repository.
>>
>> Name: draft-mglt-ipsecme-implicit-iv
>> Revision: 01
>> Title: Implicit IV for Counter-based Ciphers in IPsec
>> Document date: 2016-10-08
>> Group: Individual Submission
>> Pages: 6
>> URL: https://www.ietf.org/internet-drafts/draft-mglt-ipsecme-implicit-iv-01.txt
>> Status: https://datatracker.ietf.org/doc/draft-mglt-ipsecme-implicit-iv/
>> Htmlized: https://tools.ietf.org/html/draft-mglt-ipsecme-implicit-iv-01
>> Diff: https://www.ietf.org/rfcdiff?url2=draft-mglt-ipsecme-implicit-iv-01
>>
>> Abstract:
>> IPsec ESP sends an initialization vector (IV) or nonce in each
>> packet, adding 8 or 16 octets. Some algorithms such as AES-GCM,
>> AES-CCM, AES-CTR and ChaCha20-Poly1305 require a unique nonce but do not
>> require an unpredictable nonce. When using such algorithms the
>> packet counter value can be used to generate a nonce, saving 8 octets
>> per packet. This document describes how to do this.
>>
>> Please note that it may take a couple of minutes from the time of
>> submission until the htmlized version and diff are available at
>> tools.ietf.org.
>>
>> The IETF Secretariat
>>
>> _______________________________________________
>> IPsec mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/ipsec
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
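
The following Python sketch is an added illustration of the concern raised in this thread, not code from the draft or its authors. It assumes an AES-GCM style nonce layout (a 4-octet salt followed by an 8-octet IV that carries the ESP sequence number); the salt value, sender names and packet lists are constructed sample data.

```python
import struct
from collections import defaultdict

SALT_LEN = 4  # assumption: 4-octet salt taken from the SA keying material


def implicit_nonce(salt: bytes, seq: int, esn: bool = False) -> bytes:
    """Build a 12-octet nonce from the SA salt and the ESP sequence number."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 4 octets")
    limit = 1 << (64 if esn else 32)
    if not 0 < seq < limit:
        raise ValueError("sequence number out of range for this SA")
    # 8-octet implicit IV: the 64-bit extended sequence number, or the
    # 32-bit sequence number left-padded with 32 zero bits.
    return salt + struct.pack(">Q", seq)


def find_nonce_reuse(salt: bytes, packets, esn: bool = False) -> dict:
    """Return {nonce: [senders]} for each nonce used by more than one packet.

    packets is an iterable of (sender, seq) pairs sent under ONE SA key.
    """
    seen = defaultdict(list)
    for sender, seq in packets:
        seen[implicit_nonce(salt, seq, esn)].append(sender)
    return {nonce: who for nonce, who in seen.items() if len(who) > 1}


# Constructed sample data.
SALT = bytes.fromhex("0a0b0c0d")
# One sender per SA: the counter never repeats, so every nonce is unique.
UNICAST = [("gw-a", n) for n in range(1, 6)]
# Multicast SA with two senders, each running its own counter from 1.
MULTICAST = ([("sender-1", n) for n in range(1, 4)]
             + [("sender-2", n) for n in range(1, 3)])

if __name__ == "__main__":
    print("unicast reuse:", find_nonce_reuse(SALT, UNICAST))
    for nonce, who in find_nonce_reuse(SALT, MULTICAST).items():
        print("multicast reuse:", nonce.hex(), who)
```

With an explicit IV, each sender could choose IVs from its own space; with the implicit IV the nonce is fully determined by the shared salt and the counter, so independent counters under one key collide on the first packet.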
